IT Security Specialist

To manage the Security Operations of the Networks and Information Technology programs combining cost-effective technical measures with security controls derived from ISO 27001/31000/22301.

JOB SUMMARY

KEY FUNCTIONS

• Serve as a subject matter expert (SME) for performing vendor risk assessments to improve overall vendor risk posture by coordinating and managing the vulnerability assessment and penetration testing initiatives.
• Ensure compliance with PCI and ISO 27001 auditing requirements by conducting periodic audits to determine security violations and inefficiencies.
• Minimize and mitigate against the risk of data loss through privilege access by implementing the processes to systematically respond to and implement all recommendations from internal and external audits which fall under the category of 'IT General Controls.
• Provide security recommendations for business continuity and operations by implementing IT security risk management and business continuity management plans and practices.
• Protect the integrity, accuracy and confidentiality of the organization information assets and identify, analyze and evaluate technology security risks by providing input to the wider development of the information governance strategy and business planning process. Develop plans to safeguard computer files against unauthorized modification, destruction or disclosure.
• Provide training to employees on the use and features of security systems by cross-training other team members in technologies relevant to the job.
• Monitor network traffic and conduct investigations for infected devices by continual monitoring and documentation of security incidents through company Security Information and Event Management (SIEM) solution; Investigate suspected and actual security incidents in accordance with the security incident management standard/plan.
• Develop business cases, request for proposals (RFP), request for information (RFI), waivers, evaluations and other purchasing documents for all Security solutions. These documents will be submitted for approval four (4) months before the contract start date and other relevant procurement policies.
• Work-place Safety: Ensure all work is done in accordance with established safety practices and procedures.

EDUCATION & EXPERIENCE:

• A minimum of a bachelor’s degree in information security, computer information systems, network security, computer science or a related field of study.
• ITIL Foundation
• Cisco Certified Network Associate - Security (CCNA Security)
• CompTIA Security+
• CompTIA Linux+
• CompTIA Network+

The following will be an asset:

• VMware certification
• PMP
• ISACA - Certified Information Systems Auditor (CISA)
• Certified ISO 27001 Lead Implementor
• EC-Council - Certified Ethical Hacker (CEH)
• Mile2 - Certified Penetration Testing Engineer
• Check Point Certified Security Administrator (CCSA)
• A minimum of three (3 ) years of combined IT and security work experience with a broad range of exposure to systems analysis, application development, systems administration, two (2) years of which involves designing and deploying security solutions.
• Working knowledge of security issues, techniques and implications across computer platforms.
• Experience working in NOC/SOC environment.

NOTE: Any relevant combination of qualifications and experience at an appropriate level to competently perform required duties will be considered.

FUNCTIONAL COMPETENCIES:

The Ability to:

• Conduct vulnerability assessment (e.g. Tenable/Nessus)
• Implement appropriate security awareness programs.
• Implement and maintain security systems, practices and privilege access management solution.
• Develop metrics to improve productivity and business continuity.
• Excellent verbal, written and interpersonal communication skills, including the ability to communicate effectively with the IT and information security organizations, project and application development teams, management and business personnel.

Knowledge of:

• Security information and event management (e.g. Splunk)
• Security of cloud services and infrastructure (VMware, Dell, Oracle etc.)
• Administration of privilege access management solution (e.g. CyberArk)
• Risk management framework and security standards (ISO 27001/31000/22301

CORE AND LEADERSHIP COMPETENCIES:

• Organisational Awareness: Contributes to the organisation by understanding and aligning actions with the organisation's goals, core functions, needs, and values. Contributes to the organisation by actively demonstrating the alignment of activities with the organisation strategies, key initiatives, core functions, needs, and values and supporting others to do the same.
• Customer Focus: Prioritises and takes action on the needs of both internal and external customers. Designs and delivers products and services with the customer experience top of mind.
• Planning and Results Orientation: Invests time in upfront planning to achieve organisational goals and objectives while meeting quality standards, following the appropriate processes, and continuously assessing results.
• Creativity and Innovation: Thinks beyond the confines of traditional models to recognise opportunities and find new and better ways of doing things to be and remain an agile broadband provider. Encourages experimentation and accepts failure as a driver of innovation.
• Communication: Effectively and appropriately interacts with others to build relationships, influence others, and facilitate sharing ideas and information. Uses tact and diplomacy to navigate demanding situations. Relays key messages by creating a compelling story targeted to specific audiences.
• Managing Through Change and Uncertainty: Adjusts thinking and behaviour to resiliently face change and uses experience to fuel growth. Embraces failure as a learning opportunity for themselves and others. Enables the process of change and transition while helping others deal with the effects of change.
• Problem Solving and Decision Making: Use critical thinking to evaluate problems, gather information, understand causes, and identify the best workable solutions. Invests time in planning, discovery, and reflection to drive better decisions and more efficient implementations.

Deadline date for applications: 03rd September 2023